Date: Fri, 3 Oct 2003 20:18:06 -0700
From: Steve Kargl
To: Barney Wolff
cc: current@freebsd.org
Message-ID: <20031004031806.GA64214@troutmask.apl.washington.edu>
Subject: Re: [security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:17.procfs]

On Fri, Oct 03, 2003 at 10:48:53PM -0400, Barney Wolff wrote:
> On Fri, Oct 03, 2003 at 07:17:50PM -0700, Will Andrews wrote:
> >
> > ... The rule is that changes are always committed to
> > -CURRENT first, unless they do not apply. This rule is rarely
> > broken in FreeBSD, and certainly never broken for security issues.
>
> That's of course expected and appreciated. But consider the different
> actions required of a reasonably paranoid FreeBSD SA on receipt of
> a security advisory: If following anything but -current, cvsup and
> check the versions of the listed files. If following -current,
> either trust that the updates made it to the mirror of choice, or
> look up on www.freebsd.org what the latest versions of the listed
> files are and check that you have them. Since the SO is presumably
> taking the changes from -current, I hope it would not be too much
> of an imposition to list those versions in the advisory as well.
>

If you're running -current, then you are reading the cvs-all
or at least the cvs-src mailing list. It should be apparent
that the fixes hit -current before the SA is announced.

--
Steve